For cPanel & WHM 11.48

This page was last updated on: Feb 20, 2018 11:07

Upgrade blockers

Staging Directory

Version 11.48.2.1 introduces the Staging Directory. The system notifies you if there is insufficient space available to complete the upgrade and allows you to select a new location for the Staging Directory.

New features

MariaDB® support

In cPanel & WHM version 11.48, we now support MariaDB 10.0. If you have MariaDB installed instead of MySQL®, MySQL interfaces and API calls will manage MariaDB, its databases, and its users. However, most user interfaces will continue to display the text "MySQL" instead of "MariaDB." As we phase out MySQL, we will update the user interfaces to display "MariaDB."

Warning:

Your cPanel & WHM server must use the CentOS 6 or newer operating system to upgrade the database server from MySQL to MariaDB. You cannot upgrade to MariaDB on a server that uses CentOS 5.

We strongly recommend that you back up your database before you upgrade your database or change to MariaDB.

The system considers MariaDB to be an upgrade to MySQL. If you change to MariaDB, you cannot change back to MySQL.

Note:

Both pre and post Standardized Hooks run for major and minor MySQL upgrades. However, the system does not run Standardized Hooks for MariaDB for minor version updates because yum manages minor version changes.

The Restricted Restore feature performs additional security checks on the backup file in order to mitigate the risk of transfers from unfamiliar sources. If a component of the backup file has an issue (for instance, a MySQL grant table is compromised or a symbolic link attack), the system will not restore that portion of the backup and will add a warning to the log file.

If you do not trust the source of the account backup with root access to your server, use the Restricted Restore feature to protect your server.

Warning:

The Restricted Restore feature is EXPERIMENTAL. Do not consider it to be an effective security control at this time. The behavior of this feature may change in a future release of cPanel & WHM. Exercise extreme caution when you use this feature.

If you wish to use Restricted Restore to restore an account that owns PostgreSQL databases, the target server must use PostgreSQL version 8.4 or newer .

The Restricted Restore feature will only allow restored accounts to use noshell or jailshell. If the restored account uses another shell, the system will do the following:

cPanel & WHM version 11.48.1 or later — Sets the account to use jailshell.

cPanel & WHM version 11.48 or earlier — Sets the account to use noshell. For more information, read our VirtFS (Jailed Shell) documentation.

New scripts

Added support for Mail SNI integration

For systems that support SNI, you can now enable SNI for a domain during SSL installation. You can also enable or disable SNI for domains that have SSL certificates already installed.

Increased default size and maximum size for mail quotas

We have increased the default email quota – which is available in cPanel's Email Accounts interface (Home >> Mail >> Email Accounts) – to 1,024 MB. The maximum value is 2,048 MB for 32-bit systems and 4 TB for 64-bit systems.

OWASP Rules for ModSecurity™

In cPanel & WHM version 11.48, we now distribute the OWASP ModSecurity Core Rule Set (CRS). The OWASP ModSecurity CRS is a set of rules for use with the ModSecurity Apache module to help protect your web server from malicious traffic. Through the guidance of OWASP, cPanel now distributes a curated set of these rules. You can install and manage these rules with the WHM ModSecurity applications. For more information about the OWASP ModSecurity CRS, that includes installation pre-requisites and instructions, read our OWASP ModSecurity CRS documentation.

ModSecurity Vendors

In cPanel & WHM version 11.48, we now provide the ability to add ModSecurity rule sets with the ModSecurity Vendorsinterface (Home >> Security Center >> ModSecurity Vendors). In addition, we have provided the ability to create custom ModSecurity vendors. For more information about how to create a ModSecurity vendor, read our How to Create a ModSecurity Vendor documentation.

New binary hostname update utility

cPanel & WHM version 11.48 introduces the /usr/local/cpanel/bin/set_hostname utility. Run this utility as the root user to change the server's hostname and automatically perform all of the necessary system updates. This utility is useful if you wish to change the server's hostname during a process that requires you to call the binary (for example, automated cloning processes).

Updated Apache memory usage limitations

You can now enter a value for the Apache RLimitsMEM, and optionally restart Apache.

cPHulk improvements

In cPanel & WHM version 11.48, cPHulk uses fewer MySQL queries in order to improve performance and stability. You can also now add and edit comments on whitelist and blacklist entries to help you manage those entries.

Furthermore, cPHulk will not consider a user at an IP address who uses the same username and password combination repeatedly to be a brute force attacker. This often happens when a user has not yet updated their email password on a handheld device.

New cPHulk settings

In cPanel & WHM version 11.48, we have added the following new settings to cPHulk:

The lookback period for counting failed logins against a user

Command to run when an IP triggers brute force protection

Command to run when an IP is blocked for a one day period

Block IPs that trigger brute force protection at the firewall level

Block IPs that match the criteria for a one day block at the firewall level

Note:

The Block IPs that trigger brute force protection at the firewall level and Block IPs that match the criteria for a one-day block at the firewall level options are not available on Virtuozzo.

Improved Login/Brute History Report for CPHulk

We have expanded the Login/Brute History Report tab in WHM's cPHulk Brute Force Protection interface (Home > Security Center > cPHulk Brute Force Protection) to include the following four tables:

Failed Logins

Blocked Users

Blocked IP Addresses

Blocked IP Addresses with Excessive Login Failures

We have also expanded the columns within each table to show the time that remains in the lockout or block period.

Improved UI for cPHulk

We redesigned the user interface for cPHulk to improve navigation and functionality. The tables for whitelist and blacklist entries now include comments and the ability to sort. You can also add your IP address to the whitelist by clicking the button on the warning notification.

ModSecurity Reports

In cPanel & WHM version 11.48, we have added the ability to report a issue with a vendor provided ModSecurity rule in theModSecurity Toolsinterface (Home >> Security Center >> ModSecurity Tools).

Notification centralization

In cPanel & WHM version 11.48, we have moved management of cPanel & WHM contact address changes and notification settings changes to the iContact module. The system logs the changes in the /var/cpanel/user_notifications/username file, where username represents the cPanel account name. This provides better performance and consistent contact management.

Notification settings alert via email

In cPanel & WHM version 11.48, the system has the ability to notify a user when their cPanel notification settings are disabled or their contact addresses change.

Note:

If the user has modified their IP address, the IP address in the notification email may not be accurate.

Login notification

In cPanel & WHM version 11.48, users may request a notification when someone authenticates to any service that uses cPanel & WHM's authentication scheme. The system will also notify users when the notification settings change.

In order to prevent unnecessary messages, the system will halt notifications for 24 hours after a successful login for a specific service, user, and IP address combination.

ChkServd added to Contact Manager

In cPanel & WHM version 11.48, we have added the Service interruptions option to the Contact Manager interface (Home >> Server Contacts >> Contact Manager). This allows you to customize the notifications that your server sends when a service fails, restarts, or times out.

Paper Lantern

The Paper Lantern theme is still in development in cPanel & WHM version 11.48. Eventually, Paper Lantern will become the default theme for cPanel.

Customize Paper Lantern interface improvements

In cPanel & WHM version 11.48, you can view the favicon and logo that you previously uploaded in WHM's Customize Paper Lantern interface (Home >> cPanel >> Customize Paper Lantern). You can also delete and upload new items in this interface.

Webmail interface improvements

In cPanel & WHM version 11.48, we restyled the Webmail interface to match the Paper Lantern theme. For more information, read our Webmail documentation.

Retro Style for Paper Lantern

Plugin File Generator improvements

In cPanel & WHM version 11.48, WHM's cPanel Plugin File Generator interface (Home >> Development >> cPanel Plugin File Generator) is now compatible with the Paper Lantern theme. This interface generates an installation file for a cPanel plugin. The plugin file that you generate can contain one or more items.

Authentication improvements

In cPanel & WHM version 11.48, passwords and passphrases throughout cPanel and WHM may now contain spaces. Also, the system rejects any leading and trailing spaces in passphrases during GPG key creation.

Finally, GPG keys that you create without passphrases through the Gpg::genkey() function in cPanel API 1 now process correctly.

Note:

The cPanel interface requires that GPG keys contain passphrases.

Backup restoration logs

In cPanel & WHM version 11.48, we have changed the Backup Restoration feature so that it uses the restoration functionality in the new Transfer and Restore system.

Updated cpsrvd daemon

We have updated the cpsrvd daemon to log X-Forward-For header data in the access log.

BASH history timestamps

New installations of cPanel & WHM version 11.48 include timestamps in the BASH history.

Updated bandwidth notification emails

We have updated the email notification that the system sends when a user reaches a bandwidth limit threshold. These emails now include predictive warnings that indicate when the user will exceed the account's bandwidth limits.

Dovecot compression

In cPanel & WHM version 11.48, Dovecot now uses the COMPRESS extension to IMAP to make IMAP connections more efficient. For more information about IMAP compression, read IETF's IMAP COMPRESS extension article.

New cpanel.config variables

Initial defaults for the following variables now exist in the /var/cpanel/cpanel.config file:

Additional notes for third-party developers

If your custom applications use a /usr/local/cpanel/scripts/restartsrv_* script, you may need to update and test your code.

These scripts are now more robust, and may return errors more visibly than in previous versions of cPanel & WHM.

Update any custom code that touches a restartsrv-managed service to use the appropriate /usr/local/cpanel/scripts/restartsrv_* scripts. Custom code should not call scripts in the /etc/init.d/ directory.

API column sorting

In cPanel & WHM version 11.48, we have added column selection and sorting to UAPI, WHM API 1 and cPanel API 2. This allows you to return only the data you need, which reduces system load and increases performance.

Deprecated and removed items

Deprecated Tweak Setting

In cPanel & WHM version 11.48, we have removed the legacy Use safe quotas setting from the System section of WHM's Tweak Settings interface (Home >> Server Configuration >> Tweak Settings). cPanel & WHM no longer supports older versions of Virtuozzo and the Linux 2.4 kernels that required that setting.

Removed VPS support

In cPanel & WHM version 11.48, we removed support for the User Mode Linux, FreeVPS, and ServeXchange Virtual Private Server environments.

Removed Cpanel::Config::SaveCpUserFilemodule

In cPanel & WHM version 11.48, we removed the Cpanel::Config::SaveCpUserFile module in favor of the Cpanel::Config::CpUserGuard module, which avoids race conditions. You can no longer use the Cpanel::Config::SaveCpUserFile module.

Logaholic removals

The integrated Logaholic application is no longer available in cPanel & WHM. During the upgrade to cPanel & WHM version 11.48, the system automatically removes the integrated Logaholic application from the server. This removal will not affect any Logaholic user data.

Because of these changes, cPanel's Logaholic interface (Home >> Logs >> Logaholic) is no longer available.

cPanel, WebHost Manager, and WHM are registered trademarks of cPanel, Inc. for providing its computer software that facilitates the management and configuration of Internet web servers. ®2018 All rights reserved.